As I have mentioned before, we are currently producing an OpenSSL solution that uses our own cryptography library for ALL cryptographic functionality (instead of using libeay for those functions). We have elected to actually replace the underlying crypto functions in libeay with calls to our own library (at the EVP level wherever possible) instead of attempting to use the ENGINE interface. We are doing this for various reasons and I wanted to run them by you to see if our thinking is sound (or if we have missed something):

1 - It appears that Engine is meant to provide support for alternate solutions (primarily hardware), but will fall back to the libeay software solution if no other engines exist. We must use our library for all cryptography. It is not optional.

2 - Engine does not support cryptography that is not also supported through the standard software interface. Richard Levitte just started a thread on this topic (Disabling algorithms), which is really what got me thinking about this again. In any case, if we disable the current software solutions, it would appear that we also disable any ability to provide the solutions through the engine. See #1 to understand why this is not acceptable for us.

3 - Engine does not currently support all cryptographic functionality. Most notable would be symmetric ciphers, but we also need to use our library for RAND and other functions that may not be supported either.

4 - Engine is still in early development and may not be as stable as the standard code base.

5 - We have not been able to find much documentation about how to use the Engine interface.

This is probably not an exhaustive list, but is sufficient for making the decision that Engine is not an option for providing the solution we want at this time.

Am I incorrect in any of my assumptions or conclusions? Are there other considerations I have missed that would make the Engine more palatable for what we are doing?
Your time and consideration of these questions is greatly appreciated.
Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell Inc., the leading provider of Net Services Software
www.novell.com
